Avoid multiple lock using FIPS DRBG.

Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode. PR#3176 Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2014-07-30 15:13:08 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-07-30 21:08:07 +0100
commit: a3efe1b6e9d2aa2ce5661e4d4b97262eae743fa7 (patch)
tree: a841e435b30e0b59513cda3c05a904b8e91f6af4 /crypto/rand/rand_lib.c
parent: 789b12599d2e9ad3f93ef54f4bacf296d82a8325 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 5ac0e14caf..54f1d35c6c 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -68,6 +68,7 @@
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #include <openssl/fips_rand.h>
+#include "rand_lcl.h"
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
@@ -199,7 +200,7 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 	*pout = OPENSSL_malloc(min_len);
 	if (!*pout)
 		return 0;
-	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
+	if (md_rand_bytes_lock(*pout, min_len, 0, 0) <= 0)
 		{
 		OPENSSL_free(*pout);
 		*pout = NULL;
author	Dr. Stephen Henson <steve@openssl.org>	2014-07-30 15:13:08 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-07-30 21:08:07 +0100
commit	a3efe1b6e9d2aa2ce5661e4d4b97262eae743fa7 (patch)
tree	a841e435b30e0b59513cda3c05a904b8e91f6af4 /crypto/rand/rand_lib.c
parent	789b12599d2e9ad3f93ef54f4bacf296d82a8325 (diff)